Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux_resilient_storage
(Redhat)| Repositories | https://github.com/ClusterLabs/pacemaker |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-05-14 | CVE-2015-1848 | The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag. | Pacemaker_configuration_system, Enterprise_linux_high_availability, Enterprise_linux_high_availability_eus, Enterprise_linux_resilient_storage, Enterprise_linux_resilient_storage_eus | N/A | ||
| 2022-02-18 | CVE-2016-2124 | A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | Ubuntu_linux, Debian_linux, Fedora, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_resilient_storage, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_tus, Enterprise_linux_workstation, Gluster_storage, Openstack, Virtualization_host, Samba | 5.9 | ||
| 2015-08-12 | CVE-2015-1867 | Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | Pacemaker, Enterprise_linux_high_availability, Enterprise_linux_resilient_storage | N/A | ||
| 2017-03-24 | CVE-2016-7797 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | Pacemaker, Leap, Leap, Enterprise_linux_high_availability, Enterprise_linux_resilient_storage, Linux_enterprise_high_availability, Linux_enterprise_software_development_kit | 7.5 |